SQL Injection Attacks and Tips on How to Prevent Them

24 September, 2009 at 02:18 | In Announcement, Event

Wednesday, 28th October 2009 at 19:00 – 21:00
Queen Margaret Building, Dundee University

The Talk

In light of some recent events, such as the man who was convicted of stealing 130 million credit card details through a SQL Injection attack, it is imperative that developers understand what a SQL Injection Attack is, how such attacks are carried out, and most importantly, how to defend their code against attack.

In this talk Colin Mackay will demonstrate a SQL Injection Attack on an application in a controlled environment*. He’ll show you where the vulnerable code lies and what you can do to harden it.

Although this talk uses C# as the application language and Microsoft SQL Server 2008 as the database engine, many of the concepts and prevention mechanisms will apply to any application that accesses a database through SQL.

* Demonstrating an attack on a real system without the owner’s consent is a breach of the 1990 Misuse of Computers Act, hence the controlled environment.

The Speaker

Colin Angus Mackay is a Software Developer living in Glasgow. He has been programming since the age of 9, starting with a Sinclair ZX Spectrum. He became a professional software developer in 1994, using a Smalltalk-based language called Magik. In 1996 he started using C++ commercially and in 2002 migrated to the emerging language of C#.

Colin has received a number of awards including Code Project MVP (for 5 years) and Microsoft MVP (for 3 years). He is a member of the British Computer Society and a Member of the Institution of Analysts and Programmers. He is currently the chairman of Scottish Developers and has organised the last two Developer Day Scotland conferences (with a third in the works).

You can find out more on his blog.

The Venue

We are meeting in the Queen Mother Building at Dundee University. After the meeting we normally retire to the bar at Laing’s.

The Agenda

18:45 Doors Open
19:00 Welcome
19:10 The Talk (Part 1)
19:55 Break
20:05 The Talk (Part 2)
20:45 Feedback & Prizes
21:00 Repair to the Pub

Registration

Space is limited; we would therefore ask that you sign up.

Next SQL Server UG Meeting

24 September, 2009 at 01:45 | In Third party event

This just in from Martin Bell at the SQL Server User Group:

I’ve just put up the meeting details for a User Group Meeting on the 8th October. Rob is going to be talking about useful tools for performance analysis and showing you how to use them; I’ll be following with an introduction to PowerShell. Check out here for more details:

http://www.sqlserverfaq.com/events/202/SQL-Server-Performance-Analysis-Tools-and-Powershell.aspx

Don’t forget that the early bird offers for SQLBits will finish on the 30th September. We have a great line up for the Thursday and Friday including a keynote speech by Donald Farmer. Make sure that you vote for the sessions you want to see on the Saturday; session voting will close on the 4th October. There is still a chance to win a free ticket to all 3 days of the conference by entering our Mug Shot competition. For more see www.sqlbits.com
